The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Created: November 12, 2003.

Liberty Alliance Publishes Final Phase 2 Specifications and Previews Phase 3.

An announcement from the Liberty Alliance Project describes the final publication of Phase 2 Specifications in the Liberty Identity Web Services Framework, along with the Liberty Privacy Guidelines for Federated Identity. The announcement also sketches a roadmap for Liberty Alliance Phase 3 deliverables that will benefit from member participation in two new expert groups. A Services Expert Group was formed "to define and manage the process for creating new service specifications," and a Conformance Expert Group (CEG) was formed "to define and manage the process for validating interoperability between vendors' implementations of the Liberty Alliance standards."

New Service Interface Specifications planned for Liberty Phase 3 include: (1) a Contact Book Service Interface, providing a "common method for users to manage and share personal or business contacts regardless of contact book provider, enabling service providers to access or automatically update, at the user's request, information like billing or shipping address"; (2) a Geo-location Service Interface, "supporting an interoperable way to automatically identify a person's location, at the user's request, to provide services like weather, news, travel or currency updates or directions to a chosen location"; (3) a Presence Service Interface "defining a common way for users to share presence information."

The new Liberty Web Services Framework "provides organizations with an open, standards-based way of delivering identity-based web services that can enable new revenue opportunities, cut internal IT costs, and make web services more secure and private. Because the Liberty specifications are built on existing open industry standards such as SAML, SOAP, XML and WS-Security, they can be deployed and supported in any environment and maximize an organization's investment in non-proprietary standards." The 2003-11-12 announcement identifies five companies that have announced plans to support the Phase 2 Liberty specifications in existing or new products and services.

Bibliographic Information and Overview

As summarized in the index document, the Liberty Alliance Project Phase 2 Specifications are comprised of: ID-FF Documents (Liberty Identity Federation Framework), ID-WSF Documents (Liberty Identity Web Services Framework), and ID-SIS Documents (Liberty Identity Service Interface Specifications). References follow for the final version of the Privacy and Security Best Practices and for the first two published ID-SIS Documents.

  • Liberty ID-SIS Personal Profile Service Specification. Edited by Sampo Kellomäki (Symlabs). Liberty Alliance Project. Version: 1.0. November 08, 2003. 41 pages. Contributors: David del Ser (Vodafone), Jukka Kainulainen (Nokia), John Linn (RSA), Bronislav Kavsan (RSA), Lena Kannappan (France Telecom), Ariel Gordon (France Telecom), Vincent Guesdon (France Telecom), Jonathan Sergent (Sun), Rajeev Angal (Sun), Andy Feng (AOL), Carolina Canales (Ericsson), John Kemp (IEEE-ISTO), Tom Wason (IEEE-ISTO). Abstract: "The Liberty ID-SIS Personal Profile (ID-SIS-PP) defines a web service. It offers profile information regarding a Principal. ID-SIS-PP is an instance of data oriented identity web service. ID-SIS-PP is characterized by the ability to query and update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives. Readers of this document should be familiar with SOAP, SAML and XML."

  • Liberty ID-SIS Personal Profile Service Implementation Guidelines. Edited by Sampo Kellomäki (Symlabs) and Tom Wason (IEEE-ISTO). Liberty Alliance Project. Version: 1.0-29. October 10, 2003. Filename: 'draft-lib-id-sis-pp-guide-v1.0-29.pdf'. 31 pages. Abstract: "This document provides implementation guidelines supplemental to the Liberty ID-SIS Personal Profile (ID-SIS-PP) specification. It is also the general guideline for Liberty Profiles. The reader is expected to be familiar with the Liberty ID-WSF Web Services Framework Overview, XML, SAML and SOAP. The Liberty ID-SIS Personal Profile (ID-SIS-PP) is a web service hosted by an application provider and usually discovered via a discovery service. It offers basic profile information regarding Principal, including name, legal identity, and a minimal set of contact information such as legal domicile, home, and work addresses. The profile may also contain phone numbers, emails and other online contact information. Some basic demographics and presentation information and employment and public key details may also be included. An extension mechanism allows other arbitrary data to be included. An ID-SIS-PP service only stores information regarding the Principal him- or her-self and does not target contact management or e-commerce applications (a contact book may address those requirements better). A typical Principal has two ID-SIS-PP service instances, one for her work identity, and another for her private identity. An ID-SIS-PP service is an instance of a data oriented (see ID-WSF Data Services Template) identity web service (see ID Web Services Framework). An ID-SIS-PP service, like all data services, is characterized by an ability to query and update attribute data. It incorporates mechanisms from other specifications for access control and for conveying data validation information and usage directives."

  • Liberty ID-SIS Employee Profile Service Specification. Edited by Sampo Kellomäki (Symlabs). Liberty Alliance Project. Version: 1.0. November 08, 2003. 21 pages. Contributors: Jukka Kainulainen (Nokia), Lena Kannappan (France Telecom), Ariel Gordon (France Telecom), Vincent Guesdon (France Telecom), Carolina Canales (Ericsson), John Kemp (IEEE-ISTO), Tom Wason (IEEE-ISTO). Abstract: "The Liberty ID-SIS Employee Profile (ID-SIS-EP) specifies a web service. It offers profile information regarding employees. ID-SIS-EP provides basic employee information. ID-SIS-EP is an instance of data oriented identity web service. ID-SIS-EP is characterized by ability to query and update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives. Readers of this document should be familiar with SOAP, SAML and XML. Readers may also wish to familiarize themselves with the Liberty ID-SIS Personal Profile (ID-SIS-PP)."

  • Liberty ID-SIS Employee Profile Service Implementation Guidelines. Edited by Sampo Kellomäki (Symlabs) and Tom Wason (IEEE-ISTO). Liberty Alliance Project. Version: 1.0-03. October 10, 2003. Filename: 'draft-lib-id-sis-ep-guide-v1.0-03.pdf'. 14 pages. Abstract: "The Liberty ID-SIS Employment Profile (ID-SIS-EP) is a web service. It offers profile information regarding employee. ID-SIS-EP provides basic employee information. ID-SIS-EP is an instance of data oriented identity web service. ID-SIS-EP is characterized by ability to query and update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives."

  • Privacy and Security Best Practices. Liberty Alliance Project. Edited by Christine Varney (Hogan & Hartson). 'Final' Version 2.0. November 12, 2003. 32 pages. Contributors: Piper Cole (Sun Microsystems), William Duserick (Fidelity), Jill Lesser (AOL), Gary Podorowsky (Sony), Paule Sibieta (France Telecom), Charlotte Thornby (Sun Microsystems). The document includes these principal sections: Liberty Alliance Perspective on Privacy; Privacy Laws; Fair Information Principles; Liberty Alliance Privacy Recommendations; Security; Internet Security Vulnerabilities and Precautions; Glossary. Abstract: "Privacy and security are key concerns in the implementation of Liberty Alliance specifications. As such, the Liberty Alliance has and will continue to provide tools and guidance to implementing companies that enable them to build more secure, privacy-friendly identity-based services that can comply with local regulations and create a more trusted relationship with customers and partners. The following document highlights certain national privacy laws, fair information practices and implementation guidance for organizations using the Liberty Alliance specifications."

  • Liberty Architecture Framework for Supporting Privacy Preference Expression Languages (PPELs). Liberty Alliance Project. Version 1.0. November 12, 2003. 15 pages. Editors and Contributors: Robert Aarts (Nokia), Margareta Björksten (Nokia), Stephen Deadman (Vodafone), Bill Duserick (Fidelity Investments), Niina Karhuluoma (Nokia), Andrew Lindsay-Stewart (Vodafone), John Linn (RSA Security), Paul Madsen (Entrust), Paule Sibieta (France Telecom), Timo Skyttä (Nokia). Abstract: "The Liberty ID-WSF framework enables participants to associate a privacy policy, encoded in any privacy preference language, with a message using SOAP headers. This document gives a high-level example of how privacy preferences can be handled using a multi-leveled policy approach in the communication between a Service Provider and Web Services Provider. In the multi-leveled policy framework, a limited, hierarchical set of privacy policies is used to describe the privacy practices of a Service Provider, and the privacy preferences of a Principal. When requesting attributes, the Service Provider or Web Services Consumer indicates its context specific privacy policy. The Web Services Provider acting on the Principal's behalf, then compares the requestor's privacy policy against the Principal's privacy policy preference for the attributes in question and decides whether to release the attributes. In case of a mismatch, the transaction is cancelled or the interaction service invoked."

Liberty Alliance Identity Service Interface Specifications (ID-SIS)

Liberty Alliance has announced the formation of a new Services Group to "develop a number of interoperable service interface specifications that utilize the new Liberty Identity Web Services Framework and address the needs of specific industries, applications and business models. All Liberty Alliance members can participate in the development of these new Identity Service Interface Specifications (ID-SIS), which will be Phase 3 of the Liberty specifications. Additional SIS groups will be formed as driven by the Liberty Alliance membership."

Two Identity Service Interface Specifications (ID-SIS) have been published:

  • The Liberty ID-SIS Personal Profile Service Specification edited by Sampo Kellomäki (Symlabs) "defines a web service. It offers profile information regarding a Principal. ID-SIS-PP is an instance of data oriented identity web service. ID-SIS-PP is characterized by the ability to query and update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives."
  • The Liberty ID-SIS Employee Profile Service Specification "offers profile information regarding employees. ID-SIS-EP provides basic employee information. ID-SIS-EP is an instance of data oriented identity web service. ID-SIS-EP is characterized by ability to query and update attribute data and incorporates from other specifications mechanisms for access control and conveying data validation information and usage directives."

In Phase 3 the Liberty Alliance plans to "develop the following additional Service Interface Specifications:

  • Contact Book Service Interface: A common method for users to manage and share personal or business contacts regardless of contact book provider, enabling service providers to access or automatically update, at the user's request, information like billing or shipping address.
  • Geo-location Service Interface: An interoperable way to automatically identify a person's location, at the user's request, to provide services like weather, news, travel or currency updates or directions to a chosen location.
  • Presence Service Interface: A common way for users to share presence information, such as whether they are online, offline, on the phone or in a meeting, with any service provider for the purpose of communicating availability."

Implementation of the Liberty Web Services Framework Specifications

"The new Liberty Web Services Framework provides organizations with an open, standards-based way of delivering identity-based web services that can enable new revenue opportunities, cut internal IT costs and make web services more secure and private. Because the Liberty specifications are built on existing open industry standards such as SAML, SOAP, XML and WS-Security, they can be deployed and supported in any environment and maximize an organization's investment in non-proprietary standards."

"In a related development, five companies announced today plans to support the Phase 2 Liberty specifications in existing or new products and services:

  • Phaos: The Phaos Liberty Identity Provider (IDP) and Phaos Liberty Service Provider (SP), J2EE Server components packages, support the Phase 2 Liberty Identity Federation Framework (ID-FF), allowing for identity/account linkage, simplified single sign-on and session management. Phaos plans to implement the Liberty Identity Web Services Framework (ID-WSF) into a product that will be available in Q2 of 2004.
  • Ping Identity: Plans to deploy a Phase 2 Liberty-enabled version of their leading open source SourceID Federation Platform in early 2004. SourceID provides world-class tools, applications, and infrastructure for federated identity management. Currently, there have been more than 2,500 downloads of SourceID from global 1000 corporations.
  • Sun Microsystems: Plans to immediately expand the existing Liberty functionality of the Sun Java Enterprise System through its Java System Identity Server to include support for Liberty's Phase 2 specifications. See the announcement for details.
  • Trustgenix: Trustgenix IdentityBridge, available now, supports the Liberty Phase 2 standards and provides federated identity management (including single sign-on, provisioning and privilege management in the extended enterprise) that complements existing identity management systems.
  • Vodafone: Vodafone plans to deploy Phase 1 and Phase 2 Liberty standards in its intranet and commercial service platforms across Vodafone. Vodafone will include the specifications as part of platform releases in 2004-2005."

Liberty Alliance Expert Groups

Liberty Alliance has announced the creation of two new Expert Groups:

  • The Services Expert Group was formed "to define and manage the process for creating new service specifications for the Liberty Alliance. This group is responsible for the creation, oversight and coordination of all activities involved in the creation of new Services Specifications, including the formation of new services tracks, writing MRDs, and developing the specification. Members may participate in order to: (1) provide input into the Liberty ID-SIS specifications and help fast-track development of specifications needed to drive new business; (2) network with experts in similar industry areas; (3) publish their work..."

  • The Liberty Alliance Conformance Expert Group (CEG) was formed "to define and manage the process for validating interoperability between vendors' implementations of the Liberty Alliance standards. The CEG encourages all product providers to participate, validates their implementations, and publicizes their success. The growing number of interoperable implementations ensure overall buyer confidence in interoperability, help predict product functionality and provide a reference point for both technology vendor and deployer expectations. The CEG defines the testing process and procedures, defines licensing requirements and monitors usage of Liberty conformance logos, and conducts conformance testing events. Members may participate in order to: (1) define the technical requirements for conformance testing; (2) manage the Liberty Conformance Testing program..." See also the October 15, 2003 announcement for Liberty's certification program: "Liberty Alliance Launches Certification Program for Liberty-Interoperable Products and Services. Initiative Ensures Product Compatibility to Help Increase Buyer and Partner Confidence in Identity Management Products and Services."

Other Liberty Alliance Expert Groups include:

  • The Business and Marketing Expert Group, which "identifies and drives the market requirements for the Liberty specifications and is also the central point for all of the Alliance's communications and public relations efforts. Additionally, it is responsible for creating the business templates that will help drive business adoption of the specifications and enable circles of trust..."
  • The Technology Expert Group, which "drives the technical specifications to support the market needs identified by the Business & Marketing Expert Group. This body of experts is made up of many of the top technical experts across industries, resulting in highly productive work sessions and excellent market education opportunities."
  • The Public Policy Expert Group, which "drives dialogue with government and non-government groups concerned with the many issues pertaining to identity and data management. It also ensures that the Liberty specifications adhere to pertinent laws and regulations."

Document URI: http://xml.coverpages.org/ni2003-11-12-a.html
Robin Cover, Editor: robin@oasis-open.org